ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://hospitalvilleroy.com.br/wp-includes/fonts/icons/.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2026-06-15 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	1356253
IOC:	https://hospitalvilleroy.com.br/wp-includes/fonts/icons/
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Amadey
Confidence Level :	Confidence level is moderate (49%)
Is compromised? :	False
ASN:	AS27715 Locaweb_Servios_de_Internet_S/A
Country:	BR
First seen:	2024-12-12 19:47:55 UTC
Last seen:	never
UUID:	3cb5d679-b89e-11ef-91ae-42010aa4000a
Reporter	johannes
Reward	5 credits from ThreatFox
Tags:	Wipbot
Reference:	https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/

johannes

Tavdig C2 Secret Blizzard April, from the Microsoft report "Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine". See all IOC from that report at https://rosti.bin.re/reports/GcSswmyc